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CLAIMS 

I claim: 

1 . A method for on-line mass distribution of data products to end users, the method 
comprising: 

maintaining a first portion of each of said data products at a first location; 
maintaining a second portion of each of said data products at a second location; 
for each of said end users, confirming the end user's entitlement to one of said data 
products; 

obtaining a first portion of said one of said data products from said first location and a 
second portion of said one of said data products from said second location; 

combining said first portion of said one of said data products and said second portion of 
said one of said data products; and 

providing said combined first portion and second portion to said user. 

2. The method of claim 1, wherein said data products include geographic databases. 

3. The method of claim 1, wherein said data products include digital copies of 
movies. 

4. The method of claim 1, wherein said data products include digital copies of 
musical songs. 
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1 5. The method of claim 1, further comprising the step of: 

2 encrypting said first portion of each of said data products. 

3 

1 6. The method of claim 1, further comprising the step of: 

2 prior to the step of combining, encrypting said first portion of one of said data products. 

3 

1 7. The method of claim 1, wherein said step of combining is performed at said 

2 second location. 
3 

8. A system for secure on-line mass distribution of data products to end users 

ff}2 comprising: 

i • I 

033 an authorization server having associated therewith copies of first portions of a plurality 

H4 of data products; 

Q 5 a plurality of data distribution terminals, each of which has associated therewith copies of 

~ 6 second portions of said plurality of data products; 

Q 

q 7 a communications system that provides for exchange of data between said authorization 

8 server and said plurality of data distribution terminals, and 

9 a data distribution program that provides copies of said data products to those end users 

10 who ar^en^^ to have said copies thereof, wherein said data distribution program provides a 

1 1 copy of a data product by combining a copy of the first portion of said data product obtained 

12 from said authorization server with a copy of the second portion of said data product obtained 

13 from one of said plurality of data distribution terminals. 
14 
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1 9. The system of claim 8, wherein said authorization server also has associated 

2 therewith an authorization database containing data indicating entitlement by said end users to 

3 copies of said data products. 
4 

1 10. A system for securely conveying a data product, the data product defining a first 

2 portion and a second portion, the first portion defining at least one key to the second portion, the 

3 system comprising, in combination: 

4 a first entity maintaining the first portion; 

5 a second entity maintaining the second portion; 

4 6 a first set of logic executable by the first entity to encrypt the first portion so as to 
m l produce an encrypted first portion that can be decrypted using a first decryption key, wherein the 

3 -. I 

5 8 first entity sends the encrypted first portion via a telecommunications link to the second entity; 

P 

^ 9 and 

5o a second set of logic executable by the second entity, upon receipt of the encrypted first 

1 portion, to record onto a storage medium the encrypted first portion and the second portion, 
gl 2 wherein the storage medium may be provided to a third entity, which, if provided with 

13 access to the first decryption key, can in turn access the data product. 

14 

1 11. The system of claim 10, wherein the first entity sends to the second entity, 

2 together with the encrypted first portion, an encrypted authorization key that can be decrypted 

3 using a second decryption key so as to reveal verification information indicative of an entity 

4 authorized to access the data product, and wherein the second set of logic is further executable to 

5 record onto the storage medium the encrypted authorization key. 
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1 12. The system of claim 11, wherein the second decryption key is derived as a 

2 function of an environmental parameter. 

3 

1 13. The system of claim 12, wherein the environmental parameter comprises an 

2 identification code associated with the entity authorized to access the data product. 

3 

1 14. The system of claim 11, wherein the third entity has access to the second 

2 decryption key, the system further comprising: 

3 a third set of logic executable by the third entity to decrypt the encrypted authorization 
y4 key, to thereby gain access to the verification information, and to use the verification information 
~5 to validate use of the data product. 

fn6 

:F3s 

1=^1 15. The system of claim 11, wherein the third entity has access to the second 

Gl decryption key, the system further comprising: 

Jl3 a third set of logic executable by the third entity to decrypt the encrypted authorization 



24 information, to thereby gain access to the verification information, and to compare at least a 

5 portion of the verification information to predetermined information associated with the third 

6 entity so as to determine whether the third entity is authorized to access the data product. 

7 

1 16. The system of claim 15, wherein the predetermined information associated with 

2 the third entity comprises an identification code. 
3 
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1 17. The system of claim 10, wherein the first entity sends to the second entity, 

2 together with the encrypted first portion, an encrypted authorization key that can be decrypted 

3 using a second decryption key so as to reveal verification information indicative of an entity 

4 authorized to store the data product. 

5 

1 18. The system of claim 17, wherein the second decryption key is derived as a 

2 function of an environmental parameter. 

3 

1 19. The system of claim 18, wherein the environmental parameter comprises an 

jS2 identification code associated with the entity authorized to store the data product. 

013 

Hi 20. The system of claim 17, wherein the third entity has access to the second 

^ 2 decryption key, the system further comprising: 

^ 3 a third set of logic executable by the third entity to decrypt the encrypted authorization 

J 4 key, to thereby gain access to the verification information, and to use the verification information 

□ 5 to validate storage of the data product. 
6 

1 21. The system of claim 17, wherein the third entity has access to the second 

2 decryption key, the system further comprising: 

3 a third set of logic executable by the third entity to decrypt the encrypted authorization 

4 information, to thereby gain access to the verification information, and to compare at least a 

5 portion of the verification information to predetermined information associated with the storage 

6 medium so as to determine whether the storage medium is authorized to store the data product. 
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1 22. The system of claim 21, wherein the predetermined information associated with 

2 the storage medium comprises an identification code. 
3 

1 23. The system of claim 10, wherein the data product comprises geographic 

2 information and the third entity comprises a navigation system. 
3 

1 24. A method for securely conveying a data product, the data product defining a first 

2 portion and a second portion, the first portion defining at least one key to the second portion, the 

3 method comprising, in combination: 

at a first entity, encrypting the first portion of the data product so as to produce an 

m 

mS encrypted first portion that can be decrypted using a first decryption key; 

036 sending the encrypted first portion via a telecommunications link from the first entity to a 

^7 second entity; 

5 

*f 8 receiving the encrypted first portion at the second entity; 

Jl9 at the second entity, recording onto a storage medium the encrypted first portion and the 

Qo second portion; and 

1 1 thereafter providing the storage medium to a third entity, 

12 whereby, if the third entity has access to the first decryption key, the third entity may 

13 decrypt the encrypted first portion and thereby gain access to the data product. 
14 

1 25. The method of claim 24, further comprising sending to the second entity, together 

2 with the encrypted first portion, an encrypted authorization key that can be decrypted using a 
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3 second decryption key so as to reveal verification information indicative of an entity authorized 

4 to access the data product. 

5 

1 26. The method of claim 25, further comprising generating the second decryption key 

2 as a function of an environmental parameter. 
3 

1 27. The method of claim 26, wherein the environmental parameter comprises an 

* 2 identification code associated with the entity authorized to access the data product. 
3 

5 1 28. The method of claim 27, further comprising: 

%2 the third entity generating the second decryption key as the function of the identification 

i - S 

Bg3 code; 

mm the third entity using the second decryption key to decrypt the encrypted authorization 

s 

Q 5 key and to thereby gain access to the verification information; and 

yj 

6 the third entity using the verification information to validate storage of the data product. 




1 29. The method of claim 25, further comprising: 

2 the third entity using the second decryption key to decrypt the encrypted authorization 

3 key and to thereby gain access to the verification information; and 

4 the third entity using the verification information to validate use of the data product. 

5 
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1 30. The method of claim 29, wherein using the verification information to validate 

2 use of the data product comprises comparing at least a portion of the verification information to 

3 predetermined information associated with the third entity so as to determine whether the third 

4 entity is authorized to access the data product. 

5 

l 31. The method of claim 30, wherein the predetermined information associated with 

y 2 the third entity comprises an identification code. 
3 

1 32. The method of claim 24, further comprising sending to the second entity, together 

fo2 with the encrypted first portion, an encrypted authorization key that can be decrypted using a 

m 3 second decryption key so as to reveal verification information indicative of an entity authorized 

H 4 to store the data product. 

5 

y 1 33. The method of claim 32, further comprising generating the second decryption key 

u 

fx 2 as a function of an environmental parameter. 

«=. 

I ! 

O 3 

1 34. The method of claim 33, wherein the environmental parameter comprises an 

2 identification code associated with the entity authorized to store the data product. 

3 
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1 35. The method of claim 34, further comprising: 

2 the third entity generating the second decryption key as the function of the identification 

3 code; 

4 the third entity using the second decryption key to decrypt the encrypted authorization 

5 key and to thereby gain access to the verification information; and 

6 the third entity using the verification information to validate storage of the data product. 

7 

1 36. The method of claim 32, further comprising: 

2 the third entity using the second decryption key to decrypt the encrypted authorization 
% 3 key and to thereby gain access to the verification information; and 

En 4 the third entity using the verification information to validate storage of the data product. 

^1 37. The method of claim 36, wherein using the verification information to validate 

^ 2 storage of the data product comprises comparing at least a portion of the verification information 

^3 to predetermined information associated with the storage medium so as to determine whether the 

3 : 

O 4 storage medium is authorized to store the data product. 
5 

1 38. The method of claim 37, wherein the predetermined information associated with 

2 the storage medium comprises an identification code. 

3 

1 39. The method of claim 24, wherein the data product comprises geographic 

2 information and the third entity comprises a navigation system. 




-59- 



